IN THE CLAIMS 

This listing of the claim will replace all prior versions and listings of 
claim in the present application. 
Listing of Claims 

Claims 1-7 (canceled). 

8. (currently amended)A security management method for 
supporting security management of e ach of a plurality of managed systems 
executed in const i tut i ng an information system comprised of computers 
connected through a network w i th a n ele ctron i c comput e r , comprising: 

a security design sp e c i f i cat i on hatch i ng step for designing security 
specifications to be applied to the information system by ef-extracting an 
information security policy which corresponds to each managed system 
constituting an information system designated by a user from a database 
where d e scr i b i ng a correspondence between information security policies 
representing policies of security measures with at least one managed system 
and said managed systems is described , to hatch s e cur i ty sp e c i f i cat i ons to b e 
a pp lie d to th e informat i on syst e m ; 

a security d ia gnos i s install step of-for executing a plurality of audit 
programs wherein a process is described to audit d e sc ri b in g a proc e ss i ng for 
aud i t i ng var i ous informat i on i nc l ud i ng a typ e of th e m a n a g e d syst e m a nd a 
softw a r e v e rs i on, wh i ch a r e stor e d so a s to corr e spond to e ach s e t of security 
status concerning the information security policy and th e manag e d syst e m 
which afe-is_specified by security specifications hatch e d designed in said 
security sp e cif i c a t i on hatching design step, as w el l as by a s e cur i ty s ta tu s to 
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aud i t the var i ous i nformation i nc l ud i ng th e typ e and th e softw a r e v e rs i on of th e 
man a g e d syst e m constitut i ng th o i nformation syst e nn d e s i gnat e d by th e us e r, 
and to diagnos e a s e cur i ty of said informat i on syst e m for collecting the 
security status of each managed system designated by the user, and for 
changing the security status of the managed systems designated by the user, 
based on the collected information, in consistency of information security 
policies specified by security specifications designed in said security design 
step ; and 

a security h a nd li ng and management step offor executing the install 
step periodically a manag e m e nt program d e signat e d by th e us e r, from a 
p l ura l ity of manag e m e nt programs d e scr i b i ng a proc e ss for contro ll ing th e 
s e cur i ty status conc e rn i ng th e informat i on s e cur i ty po li cy of th e manag e d 
syst e m, stor e d so a s to correspond to e ach s e t of th e i nformat i on s e cur i ty 
p oli cy a nd th e m a n a g e d syst e m wh i ch are speci f ie d by th e s e cur i ty 
sp e c i f i cat i ons h a tch e d i n s ai d s e cur i ty sp e c i f i cat i on hatch i ng st e p, to al l ow 
s ai d ele ctron i c comput e r to chang e th e s e cur i ty status of th e manag e d syst e m 
corr e spond i ng to tho manag e m e nt program so a s to a djust th e s e cur i ty status 
to th e i nformat i on secur i ty po li cy corr e sponding to th e manag e m e nt program . 

9. (currently amended)The security management method 
according to claim 8, wherein ifvsaid security d i agnos i s install step 
comphses. T 
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a diagnosis step for diagnosing the security of the information system 
designated by said user by extracting the audit program made to correspond 
to each set of the information security policy and the managed system, which 
are specified by the security specifications h a tch e d designed in said security 
specification hatch i ng design step , i s e xtr a ct e d from a database d e scr i b i ng 
where a correspondence is described of the information security policy, the 
managed system and the audit program where a process is written to audit 
descr i bing a proc e ss i ng for aud i ting various i nformation such as th e typ e and 
th e softwar e v e rsion of sa i d manag e d syst e m a s w ell as th e security status 
concerning said information security policy of said managed system, and 
executing execut e d, to diagnos e th e s o cur i ty of th e informat i on syst e m 
des i gnat e d by said us e r ; and 

in sa i d s e cur i ty hand li ng and manag e m e nt a change step, wherein the 
management programs, made to correspond to each set of the information 
security policy and the managed system, which are specified by the security 
specifications hatch e d designed in said security specification hatch i ng design 
step, are extracted from a database describing a correspondence of the 
information security policy, the managed system and the management 
program describing a processing for controlling the security status concerning 
the security policy, the managed system and said information security policy 
of a security of said managed system, and the management program 
designated by the user is extracted among the extracted programs to be 
executed, to allow the security status of the managed system corresponding 
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to the extracted management program to adjust to the information security 
policy corresponding to the management program. 

Claim 10 (canceled). 

1 1 . (previously presented) The security management method 
according to claim 8, wherein in accordance with a security setting content 
received from the user, said management program changes the security 
status of the managed system corresponding to the management program so 
as to adjust the security status to the information security policy 
corresponding to the management program. 

12. (previously presented) The security management method 
according to claim 8, wherein a security hole information published by a 
security information organization including CERT or Computer Emergency 
Response Team and diagnosis results obtained in said security diagnose step 
which is executed for the information system designated by the user are 
reflected in the database describing the correspondence of the information 
security policy with at least one managed system and said audit/management 
program stored so as to correspond to each set of the information security 
policy and the managed system. 
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13. (currently amended)A security management system for 
supporting security management of managed systems executed in 
constitut i ng an information system comprised of computers connected 
through a network , comprising: 

a d a tab a s e d e scribing a corr e spond e nc e b e tw ee n i nformat i on s e cur i ty 
po li c ie s r o pr o G o nt i ng a po li cy of a s e cur i ty m e asure with at l e ast on e 
man a g e d syst e m and sa i d manag e d systems; 

a s e cur i ty sp e c i fic a tion hatch i ng s e ct i on for e xtract i ng an informat i on 

s e cur i ty pol i cy wh i ch corr e sponds to each of th e m anaged sys t ems 
const i tut i ng th e i nform a t i on syst e m d e s i gnat e d by a us e r from s ai d databas e , 
to hatch s e cur i ty sp e c i fic a t i ons to b e a pp lie d to th e i nformat i on syst e m; 

a p l ur ali ty of a qdit s e ct i ons for a ud i t i ng var i ous i nform a t i on i nclud i ng a 

typ e a nd a softwar e v e rs i on of th e manag e d syst e m as w ell as a s e curity 
st a tus conc e rn i ng th e information s e cur i ty po li cy of th e m a n a g e d system, 
e ach audit s e ct i on b ei ng provid e d so a s to corr e spond to each s e t of th e 
i nform a t i on s e curity po li cy and th e manag e d syst e m, wh i ch ar e sp e cif ie d by 
s e curity sp e c i f i cat i ons hatch e d by s ai d s e cur i ty sp e cif i cat i on hatching s e ction; 

a s e cur i ty d ia gnosis s e ct i on for d ia gnos i ng a s e cur i ty of th e i nformation 

syst e m d esignate d by s a id us er base d on th e diagnosis r e su l ts i n ea ch of s ai d 
aud i t s e ct i ons; 

a p l ura li ty of m a nag e m e nt s e ct i ons for contro lli ng a s e cur i ty status 

conc e rn i ng th e i nformat i on s e curity po li cy of th e manag e d syst e m, ea ch 
manag e m e nt s e ct i on b e ing prov i d e d so a s to corr e spond to e ach s e t of th e 
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i nformation secur i ty policy and tho manag e d syst e m, wh i ch ar e sp e cifi e d by 
s e curity sp e c i ficat i ons hatch e d by sa i d s e curity sp e cification hatching st e p; 

a s e cur i ty handl i ng and man a g e m e nt s e ct i on for e x e cut i ng a 

manag e m e nt s e ct i on d e s i gnat e d by said us e r to ch a ng e th e s e cur i ty status of 
th e manag e d syst e m corr e spond i ng to th e manag e m e nt s e ct i on so as to 
adjust th e s e cur i ty status to th e informat i on s e cuhty pol i cy corr e sponding to 
th e manag e m e nt s e ct i on. 

a storage device which stores first database for storing the information 

specifying the managed systems, being a subiect to which information 
security policies are applied: 

second database for storing the information specifying the 

specifications of information security policy: and 

third database wherein correspondence between the managed 

systems and information security policies is described: 

a management and audit obiect area control section which extracts. 

from said first database managed systems being a subject to which 
information security polices are applied due to a designation by a user: 

an information security policy selection control section which extracts, 

from said second database, information security policy specifications due to a 
designation by a user: 

an information security policy/security management and audit program 

correspondence control section which extracts, from said third database, 
information security policy corresponding to the managed systems selected in 
said management and audit obiect area control section, specifies the 
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specification corresponding to the extracted information security policy among 
the specifications selected in said information security policy selection control 
section, and designs specification of the information security policies for each 
of the managed system; 

a plurality of audit sections which audit security status concerning the 

information security policy which is specified by security specifications 
designed in an information security policy/security management and audit 
program correspondence control section: 

a plurality of management sections which collect the security status of 

the information system designated by the user based on the audit results from 
the plurality of audit sections and control security status concerning the 
information security policy of the managed systems in order to bring the 
security status of the managed systems designated by the user in conformity 
with the information security policy specified by the security specification 
designed at the information security policy/security management and audit 
program correspondence control section based on the collected information, 

wherein the information security policy/security management and audit 

program correspondence control section has the process at the audit modules 
and management modules executed periodically. 
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